How to remove “IL:Trojan.MSILZilla.13094”?

The IL:Trojan.MSILZilla.13094 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What IL:Trojan.MSILZilla.13094 virus can do?

CAPE extracted potentially suspicious content
Authenticode signature is invalid
Binary compilation timestomping detected

How to determine IL:Trojan.MSILZilla.13094?


File Info:
name: A6C3748DA9A43D422527.mlw
path: /opt/CAPEv2/storage/binaries/66339ef37ad1a1718bf37f3a39ebf6eb1f5be1d1d7b54f8008db29bd26e0777a
crc32: 936C0E49
md5: a6c3748da9a43d42252703469c58ae82
sha1: d650142f4bbff4b850f12107631da4fac3833b57
sha256: 66339ef37ad1a1718bf37f3a39ebf6eb1f5be1d1d7b54f8008db29bd26e0777a
sha512: 61134b402db2ac34002a931a2d6e7e8b34a4b6781732151f76dd3d95d09a1c511b1d1959db9956d247db8357c0c1152fb1f8fb0e2e7de3da33f05312ce88a4fa
ssdeep: 768:nD9yzGpc3cpcrXMl0ZGHV9GRLJ+cR7uo3brMM+TaKz8juxF5X:nD9WS04VkRLJvRJYM+TX6+F5X
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T103433A04EBA4993DF83D497684BA81754361940DC8038E2B3CC9F66B2CE77955B0EE7E
sha3_384: f3b9697585099a3bf8a9bcb04af0cd501b7801e10fb4a756f31b1aaa6309cf2d03d89381790a7edfe533268428b718c3
ep_bytes: ff250020400000010203040608080000
timestamp: 2093-02-27 21:36:52

Version Info:
Translation: 0x0000 0x04b0
Comments: https://github.com/LimerBoy/FireFox-Thief
CompanyName: 
FileDescription: Firefox Stealer
FileVersion: 1.0.0.0
InternalName: Stealer.exe
LegalCopyright: LimerBoy
LegalTrademarks: 
OriginalFilename: Stealer.exe
ProductName: Stealer
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

IL:Trojan.MSILZilla.13094 also known as:

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Zilla.4!c
MicroWorld-eScan	IL:Trojan.MSILZilla.13094
FireEye	IL:Trojan.MSILZilla.13094
McAfee	RDN/Generic PWS.y
VIPRE	IL:Trojan.MSILZilla.13094
Sangfor	Trojan.Win32.Sabsik.FL
K7AntiVirus	Password-Stealer ( 0057486e1 )
Alibaba	TrojanPSW:MSIL/MalwareX.4ba77f21
K7GW	Password-Stealer ( 0057486e1 )
CrowdStrike	win/malicious_confidence_70% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34606.dm0@aGkOFse
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/PSW.Agent.SCJ
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-PSW.MSIL.Agent.gen
BitDefender	IL:Trojan.MSILZilla.13094
Cynet	Malicious (score: 99)
Avast	Win32:MalwareX-gen [Trj]
Tencent	Msil.Trojan-qqpass.Qqrob.Lohn
Ad-Aware	IL:Trojan.MSILZilla.13094
Emsisoft	IL:Trojan.MSILZilla.13094 (B)
F-Secure	Heuristic.HEUR/AGEN.1251687
McAfee-GW-Edition	RDN/Generic PWS.y
Sophos	Mal/Generic-S
SentinelOne	Static AI – Suspicious PE
GData	IL:Trojan.MSILZilla.13094
Avira	HEUR/AGEN.1251687
Arcabit	IL:Trojan.MSILZilla.D3326
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Agent.gen
Microsoft	Trojan:MSIL/FormBook.CD!MTB
Google	Detected
VBA32	Trojan.MSIL.InfoStealer.gen.D
ALYac	IL:Trojan.MSILZilla.13094
MAX	malware (ai score=81)
Malwarebytes	Spyware.PasswordStealer
Rising	Trojan.Generic/MSIL@AI.98 (RDM.MSIL:tJcLgTZDHVP4Fi/099sW1Q)
Ikarus	Trojan.MSIL.PSW
MaxSecure	Trojan.Malware.9723143.susgen
Fortinet	MSIL/Agent.SCJ!tr.pws
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.da9a43

How to remove IL:Trojan.MSILZilla.13094?

IL:Trojan.MSILZilla.13094 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X